IS-IS Support for an IS-IS Instance per VRF for IP

This feature provides multiple VRF-aware IS-IS instances. The VRF functionality allows Internet service providers (ISPs) to separate routing protocol information and propagate it to the appropriate routing table and network neighbors. Using one router with VRF functionality is more cost-effective than using separate routers to separate and forward the routing information.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for IS-IS Support for an IS-IS Instance per VRF for IP

  • It is presumed that you are running IS-IS on your network.

  • The VRF configuration is a prerequisite to associating an IS-IS instance with that specific VRF. However, the VRF configuration is independent of associating it with IS-IS or any other routing protocol. An IS-IS instance cannot be referred to as being VRF-aware until it has been associated with a particular VRF.

Restrictions for IS-IS Support for an IS-IS Instance per VRF for IP

Support for IS-IS VRF is provided only for IPv4.

When you configure the IS-IS Support for an IS-IS Instance per VRF for IP feature, you must comply with the following nine best-practice guidelines:

  • IS-IS instances running Connectionless Network Services (CLNS) must have the same system ID.

  • An IS-IS instance that is running CLNS or IPv6 cannot be associated with a VRF.

  • You can configure only one IS-IS instance to run both CLNS and IP.

  • IS-IS instances within the same VRF must have unique system IDs, although IS-IS instances located in separate VRFs can have the same system ID.

  • You can associate an IS-IS instance with only one VRF.

  • You can configure the passive-interface default command only on one IS-IS instance per VRF.

  • Redistribution is allowed only within the same VRF.

  • You can enable only one IS-IS instance per interface.

  • An interface can belong to an IS-IS instance only if it is associated with the same VRF.


Note


If you are using LDP, you cannot use the route-target command when configuring a VRF. The router will use BGP for Multiprotocol Label Switching (MPLS) labels.


Information About IS-IS Support for an IS-IS Instance per VRF for IP

VRF-Aware IS-IS

You can configure IS-IS to be VPN routing and forwarding (VRF)-aware. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.

IS-IS Support for an IS-IS Instance per VRF for IP Feature Operation

ISPs have the capability to create multiple VRF-aware IS-IS instances that run on one router, rather than requiring duplicate hardware. IS-IS can be enabled to be VRF-aware, and ISPs can use multiple VRF-aware IS-IS instances to separate customer data while propagating the information to appropriate service providers.

For example, an ISP can create three VRFs--VRF First, VRF Second, and VRF Third--to represent three separate customers. A VRF-aware IS-IS instance is created and associated with each VRF: tagFIRST, tagSECOND, and tagTHIRD. Each instance will have its own routing process, IS-IS database, and routing table, and will calculate its own shortest path first (SPF) tree.

How to Configure IS-IS Support for an IS-IS Instance per VRF for IP

Creating a VRF

Before You Begin
  • It is presumed that you have IS-IS running on your network.

  • If CEF is not enabled by default on your platform, you will need to enable CEF in order to associate interfaces with VRF-aware IS-IS instances.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip cef [distributed]

    4.    ip vrf vrf-name

    5.    rd route-distinguisher


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip cef [distributed]


    Example:
    Router(config)# ip cef distributed
     

    Enables CEF on the Route Processor card.

    • If CEF is not enabled by default on your particular platform, you must configure it with the ip cef command.

     
    Step 4 ip vrf vrf-name


    Example:
    Router(config)# ip vrf first
     

    Configures a VRF routing table, and enters VRF configuration mode.

     
    Step 5 rd route-distinguisher


    Example:
    Router(config-vrf)# rd 1:1
     

    Creates routing and forwarding tables for a VRF.

     

    Attaching an Interface to the VRF

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface type number

      4.    ip vrf forwarding vrf-name


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.

       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface type number


      Example:
      Router(config)# interface GigabitEthernet 0/2/0
       

      Configures an interface type and enters interface configuration mode.

       
      Step 4 ip vrf forwarding vrf-name


      Example:
      Router(config-if)# ip vrf forwarding vrffirst
       

      Associates a VPN routing and forwarding instance (VRF) with an interface or subinterface.

       

      Creating VRF-Aware IS-IS Instances

      Prerequisites

      Before you create VRF-aware IS-IS instances, you need to enable IP routing on the router.


      Note


      Only one instance within the VRF can be configured as the passive interface default.


      Creating a VRF-Aware IS-IS Instance in Interface Configuration Mode

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface type number

        4.    ip address ip-address mask [secondary]

        5.    ip router isis process-tag

        6.    no shutdown

        7.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.

         
        Step 2 configure terminal


        Example:
        Router# configure terminal
         

        Enters global configuration mode.

         
        Step 3 interface type number


        Example:
        Router(config)# interface GigabitEthernet 0/2/0
         

        Configures an interface type and enters interface configuration mode.

         
        Step 4 ip address ip-address mask [secondary]


        Example:
        Router(config-if)# ip address 172.16.11.1 255.255.255.255
         

        Sets a primary or secondary IP address for an interface.

         
        Step 5 ip router isis process-tag


        Example:
        Router(config-if)# ip router isis tagfirst
         

        Configures an IS-IS routing process for IP on an interface and attaches a tag to the routing process.

        Note   

        The configuration of the interface-mode ip router isis command will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs.

         
        Step 6 no shutdown


        Example:
        Router(config-if)# no shutdown
         

        Restarts a disabled interface.

         
        Step 7 end


        Example:
        Router(config-if)# end
         

        Exits interface configuration mode.

         

        Creating a VRF-Aware IS-IS Instance in Router Configuration Mode

        SUMMARY STEPS

          1.    enable

          2.    configure terminal

          3.    router isis process-tag

          4.    vrf vrf-name

          5.    net network-entity-title

          6.    end


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 enable


          Example:
          Router> enable
           

          Enables privileged EXEC mode.

          • Enter your password if prompted.

           
          Step 2 configure terminal


          Example:
          Router# configure terminal
           

          Enters global configuration mode.

           
          Step 3 router isis process-tag


          Example:
          Router(config-if)# router isis tagFirst
           

          Enables the IS-IS routing protocol, specifies an IS-IS process, and enters router configuration mode.

          • It is presumed that the VRF named First was previously created.

           
          Step 4 vrf vrf-name


          Example:
          Router(config-router)# vrf first
           

          Associates an IS-IS instance with a VRF.

           
          Step 5 net network-entity-title


          Example:
          Router(config-router)# net 49.000b.0000.0001.0002.00
           

          Configures an IS-IS NET for a CLNS routing process.

           
          Step 6 end


          Example:
          Router(config-router)# end
           

          Exits router configuration mode.

           

          Configuration Examples for IS-IS Support for an IS-IS Instance per VRF for IP

          Example Configuring Multiple VRF-Aware IS-IS Instances

          In the following example, the VRF Second is created and an IS-IS instance is created explicitly by entering the router isis command on the router:

          Router(config)# ip cef distributed
          Router(config)# ip routing
          Router(config)# ip vrf Second
          Router(config-vrf)# rd 1:1
          Router(config-if)# router isis tagSecond
          Router(config-router)# vrf Second
          Router(config-router)# net 49.000b.0000.0001.0002.00
          

          The VRF Third is created and a VRF-aware IS-IS instance is automatically created when the ip router isis command is entered:

          Router(config)# ip vrf Third
          Router(config-vrf)# rd 1:1
          Router(config-if)# interface GigabitEthernet0/2/0
          Router(config-if)# ip vrf forwarding Third
          Router(config-if)# ip address 172.16.10.1 255.255.255.0
          Router(config-if)# ip router isis tagThird
          Router(config-if)# no shutdown
          

          A new IS-IS instance with the process tag tagThird will automatically be created and associated with the VRF Third. When the show running-config command is entered, the following information for the new IS-IS instance will be displayed:

          Router# show running-config
          Building configuration...
          .
          .
          .
          router isis tagThird
           vrf Third
          Router(config)# router isis tagThird
          Router(config-router)# net 49.000b.0000.0001.0001.00
          

          The following sample output verifies information for the VRF-aware IS-IS instances that were created in the previous examples:

          Router# show isis tagThird topology
          Tag tagThird:
          IS-IS paths to level-2 routers
          System Id             Metric  Next-Hop                 Interface   SNPA
          router-02             10      router-02                GE4/3/0     0010.0ddc.e00b
          router-03             10      router-03                GE0/2/0     0006.0e03.0c45
          router-04             10      router-04                GE4/0/0     000a.f3c3.1c70
          .                             router-04                GE4/1/0     000a.f3c3.1c71
          .
          .
          .
          Router# show clns tagSecond neighbors
          Tag tagSecond:
          System Id      Interface   SNPA                State  Holdtime  Type Protocol
          router-03      GE0/2/0     00d0.2b7f.9502      Up     9         L2   IS-IS
          router-03      PO2/2/0     DLCI 211            Up     27        L2   IS-IS
          router-02      PO2/0/0     DLCI 131            Up     29        L2   IS-IS
          router-11      GE0/4/0     000e.d79d.7920      Up     7         L2   IS-IS
          router-11      GE0/5/0     000e.d79d.7921      Up     8         L2   IS-IS
          router-11      PO3/2/0     DLCI 451            Up     24        L2   IS-IS
          .
          .
          .
          Router# show isis tagThird database level-2
          Tag tagThird:
          IS-IS Level-2 Link State Database:
          LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
          router-01.00-00       0x0000000A    0x5E73       914               0/0/0
          router-01.03-00       0x00000001    0x8E41       894               0/0/0
          router-01.04-00       0x00000001    0x8747       894               0/0/0
          router-03.00-00     * 0x00000005    0x55AD       727               0/0/0
          router-03.02-00     * 0x00000001    0x3B97       727               0/0/0
          router-02.00-00       0x00000004    0xC1FB       993               0/0/0
          router-02.01-00       0x00000001    0x448D       814               0/0/0
          router-04.00-00       0x00000004    0x76D0       892               0/0/0
          Router# show isis tagThird database level-1
          Tag tagThird:
          IS-IS Level-1 Link State Database:
          LSPID                  LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
          router-03.00-00      * 0x0000000B   0xBDF6        1005              1/0/0
          router-03.02-00      * 0x00000001   0xC473        940               0/0/0
          router-07.00-00        0x00000006   0x403A        940               0/0/0
          Router# show clns tagSecond protocol
          IS-IS Router: tagSecond
            System Id: 0000.0001.0002.00  IS-Type: level-2-only
            Manual area address(es): 
                  49.000b
            Routing for area address(es): 
                  49.000b
            Interfaces supported by IS-IS:
                  GigabitEthernet4/1/0 - IP
                  GigabitEthernet4/0/0 - IP
                  GigabitEthernet4/3/0 - IP
            Redistributing: 
              static
            Distance: 110
            RRR level: none
            Generate narrow metrics: level-1-2
            Accept narrow metrics:   level-1-2
            Generate wide metrics:   none
            Accept wide metrics:     none
          Router# show clns tagThird protocol
          IS-IS Router: tagThird
            System Id: 0000.0001.0001.00  IS-Type: level-1-2
            Manual area address(es): 
                  49.000b
            Routing for area address(es): 
                  49.000b
            Interfaces supported by IS-IS:
                  POS2/2/0 - IP
                  GigabitEthernet0/2/0 - IP
                  GigabitEthernet0/4/0 - IP
                  POS2/0/0 - IP
                  GigabitEthernet0/5/0 - IP
                  POS3/2/0 - IP
            Redistributing: 
              static
            Distance: 110
            RRR level: none
            Generate narrow metrics: none
            Accept narrow metrics:   none
            Generate wide metrics:   level-1-2
            Accept wide metrics:     level-1-2

          Example Creating an IS-IS Instance Without a Process Tag

          In the following example, an IS-IS instance was created without the optional process tag. When an IS-IS instance is created without the optional process tag, you can display its information by entering the commands such as show clns protocol with "null" specified for the process-tag argument.

          Router(config)# router isis
          Router(config-router)# vrf first
          Router(config-router)# net 49.000b.0000.0001.ffff.00
          Router(config-router)# is-type level-1
          Router(config)# interface POS 6/1/0
          Router(config-if)# ip vrf forwarding first
          Router(config-if)# ip address 172.16.2.1 255.255.255.0
          Router(config-if)# ip router isis
          Router(config-if)# no shutdown
          

          Because the IS-IS instance is created without the optional process tag, its information is displayed when the show clns protocol command is entered with "null" specified for the process-tag argument:

          Router# show clns null protocol
          IS-IS Router: <Null Tag>
            System Id: 0000.0001.FFFF.00  IS-Type: level-1
            Manual area address(es): 
                  49.000b
            Routing for area address(es): 
                  49.000b
            Interfaces supported by IS-IS:
                  POS6/1/0 - IP
            Redistributing: 
              static
            Distance: 110
            RRR level: none
            Generate narrow metrics: level-1-2
            Accept narrow metrics:   level-1-2
            Generate wide metrics:   none
            Accept wide metrics:     none

          Example Redistributing Routes from an IS-IS Instance

          In the following sample configuration, routes have been redistributed from the IS-IS instance "null" into the IS-IS instance named tagBLUE. Routes from an OSPF process in VRF Blue have been redistributed into the IS-IS instance named tagBLUE.

          Router(config)# router isis tagBLUE
          Router(config-router)# redistribute isis null ip metric 10 route-map isisMAP1
          Router(config-router)# redistribute ospf 1 vrf BLUE metric 1 metric-type external
           level-1-2
          .
          .
          .
          Router(config)# route-map isisMAP1 permit 10
          Router(config-route-map)# match route-type level-2 level-1
          Router(config-route-map)# set level level-2
          

          Example Changing the Interface Ownership

          In the following sample configuration, POS interface 6/1/0 was originally enabled for IS-IS IP routing for a "null" instance that does not have a process tag, which is in vrfSecond. The new configuration changes the ownership of POS interface 6/1/0 to another instance tagSecond, which is also in vrfSecond.


          Note


          Note that use of the ip router isiscommand in interface configuration mode will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs.


          Router(config)# interface POS 6/1/0
          Router(config-if)# ip router isis tagSecond
          %ISIS: Interface detached from null and to be attached to instance tagBLUE.

          Additional References

          Related Documents

          Related Topic

          Document Title

          IS-IS commands: complete command syntax, command mode, defaults, command history, usage guidelines, and examples

          Cisco IOS IP Routing: ISIS Command Reference

          Overview of Cisco IS-IS conceptual information with links to all the individual IS-IS modules

          "Integrated IS-IS Routing Protocol Overview" module

          ISO CLNS commands

          Cisco IOS ISO CLNS Command Reference

          Cisco IOS master command list, all releases

          Cisco IOS Master Command List, All Releases

          Standards

          Standards

          Title

          No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

          --

          MIBs

          MIBs

          MIBs Link

          No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

          To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

          http:/​/​www.cisco.com/​go/​mibs

          RFCs

          RFCs

          Title

          No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

          --

          Technical Assistance

          Description

          Link

          The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

          http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

          Feature Information for IS-IS Support for an IS-IS Instance per VRF for IP

          The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

          Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

          Table 1 Feature Information for IS-IS Support for an IS-IS Instance per VRF for IP

          Feature Name

          Releases

          Feature Information

          IS-IS Support for an IS-IS Instance per VRF for IP

          Cisco IOS XE Release 2.1

          Cisco IOS XE Release 3.3SG

          This feature provides multiple VRF-aware IS-IS instances. The VRF functionality allows ISPs to separate routing protocol information and propagate it to the appropriate routing table and network neighbors. Using one router with VRF functionality is more cost-effective than using separate routers to separate and forward the routing information.

          This feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers.

          The following commands were modified by this release: show clns neighbors, show clns protocol, show isis database, show isis topology, vrf (router configuration)